We take data protection seriously
The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers save the IP of your internet service provider, the website from which you visit us, the web pages you visit on our website and the date and duration of the visit as standard. This information is absolutely necessary for the technical transmission of the web pages and secure server operation. A personalized evaluation of this data does not take place.
If you send us data via the contact form, this data will be stored on our servers in the course of data backup. Your data will only be used by us to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties.
Controller:
Kotobuki Europe GmbH
Managing Director: Noriyuki Nozaki & Masahiko Watanabe
Sichelweg 8
90765 Fürth
Germany
Telefon: +49 (0)911 / 376 626-70
E-Mail: info(at)koto-eu.de
Webshop / Purchase Processing
We process your data for the entire processing of your purchase, including any subsequent warranties, for our services, technical administration and our own marketing purposes. Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the performance of a contract or billing or if you have given your prior consent. In the context of purchase processing, for example, the service providers we use (such as carriers, logisticians, banks) receive the necessary data for order and order processing. The data passed on in this way may only be used by our service providers to fulfil their task. Any other use of the information is not permitted and does not take place with any of the service providers entrusted by us.
For your order we need your correct address details. We need your e-mail address so that we can confirm receipt of your order and communicate with you. We also use this for your identification (customer login). Furthermore, you will receive your order and shipping confirmation via your e-mail address.
Your personal data will be deleted if there are no legal obligations to retain it and if you have asserted a claim for deletion, if the data is no longer required to fulfil the purpose for which it was stored or if its storage is not permitted for other legal reasons.
Personal data
Personal data is data about you. This includes your name, address and email address. You do not have to disclose any personal data to visit our website. In some cases, we need your name and address as well as other information in order to provide you with the requested service.
The same applies in the event that we supply you with information material on request or when we answer your enquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.
When you use one of our services, we generally only collect the information that is necessary to provide you with our service. We may ask you for additional information, but this is voluntary. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial objectives.
Webshop / Purchase Processing
We process your data for the entire processing of your purchase, including any subsequent warranties, for our services, technical administration and our own marketing purposes. Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the performance of a contract or billing or if you have given your prior consent. In the context of purchase processing, for example, the service providers we use (such as carriers, logisticians, banks) receive the necessary data for order and order processing. The data passed on in this way may only be used by our service providers to fulfil their task. Any other use of the information is not permitted and does not take place with any of the service providers entrusted by us.
For your order we need your correct address details. We need your e-mail address so that we can confirm receipt of your order and communicate with you. We also use this for your identification (customer login). Furthermore, you will receive your order and shipping confirmation via your e-mail address.
Your personal data will be deleted if there are no legal obligations to retain it and if you have asserted a claim for deletion, if the data is no longer required to fulfil the purpose for which it was stored or if its storage is not permitted for other legal reasons.
The legal basis of the processing for the handling and processing of orders is Art. 6 para. 1 lit. b.
Payment via Payrexx
We use the Payrexx payment service to process payments. The provider of the service is Payrexx AG, Burgstrasse 18, 3600 Thun, Switzerland.
When paying via Payrexx, your data required for the payment of the goods is transmitted to the provider Payrexx, which offers you various payment options. Payrexx will process your payment data (details of orders placed and payments made) in order to process the payment. The data processed by Payrexx includes e.g. name, address, bank details (account numbers, credit card numbers, TANs, checksums). The processing of this data is necessary to make the payment
The legal basis for the use of the payment service is Art. 6 para. 1 lit. b. GDPR (fulfilment of contract). Furthermore, it is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to offer our customers effective and secure payment options.
MailChimp
For sending the newsletter, we use the so-called double opt-in procedure, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed that you want us to activate the newsletter service. We will then send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail. When you subscribe to our newsletter, we store your IP address and the date of subscription. This storage serves solely as evidence in case a third party misuses your e-mail address to register you for the newsletter without your knowledge or authorization. If you do not wish to receive any more newsletters from us at a later date, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates.
The newsletter is sent using “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients, as well as their other data described in the context of this notice, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimize or improve its own services, e.g. to technically optimize the dispatch and display of the newsletters or for economic purposes to determine from which countries the recipients come. However, MailChimp is not allowed to use this data of our newsletter recipients to write to them itself, nor is it allowed to pass this data on to third parties. MailChimp is “Privacy Shield” certified and thus undertakes to comply with EU data protection requirements. You can view MailChimp’s privacy policy here.
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. The evaluations are used to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Jetpack (WordPress Stats)
Based on our legitimate interests according to Art. 6 li. f GDPR (i.e. interest in the analysis, optimization and economic operation of our online offer) we use the plugin Jetpack, which embeds a tool for statistical analysis of visitor traffic and is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
The information generated by the cookie about your use of this website is stored on a server in the USA. In the process, user profiles can be created from the processed data, although these are only used for analysis purposes and not for advertising purposes. For more information, see Automattic’s privacy policy: automattic.com/privacy/ and notes on Jetpack cookies: jetpack.com/support/cookies/, jetpack.com/support/for-your-privacy-policy/, jetpack.com/support/privacy/.
Login Area / Customer Account
To use our service, users can register on our website with an email address and password. We will provide you with password-protected direct access to the data collected via our registration form. In your customer account you can manage your delivery and billing address, edit your password, edit account details and view your order history. You undertake to treat your personal access data confidentially and not to make it available to any unauthorised third party. We cannot accept any liability for misused passwords unless we are responsible for the misuse.
However, it is also possible to place an order in our shop without registering. In this case, we only process the data that we need to process your purchase.
Use of your data for advertising purposes
In addition to processing your data to complete your purchase, we also use your data to communicate with you about your orders, specific products or marketing promotions and to recommend products or services that may be of interest to you.
You can object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the contact data mentioned under point 1 (e.g. e-mail, fax, letter) is sufficient for this purpose.
Automatically stored data
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- Complete IP address of the requesting computer
- data volume transferred
This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other data or passed on to third parties, even in extracts. Only within the framework of our server statistics, which we publish every two years in our activity report, is a presentation of the number of page views made.
When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard drive. Only the internet protocol address is stored. The information contained in the cookies allows us to recognise you automatically the next time you visit our website, making it easier for you to use. The legal basis for the use of technically necessary cookies is the legitimate interest according to Art. 6 para. 1 lit. f GDPR For the use of certain cookies, we obtain your consent via a cookie banner, in which case the legal basis for processing is Art. 6 (1) lit. a GDPR. You can revoke your consent at any time via the corresponding opt-out function in this privacy policy. These cookies are deleted after four weeks.
Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognised on your next visit, you can also refuse the use of cookies by changing the settings in your browser to “refuse cookies”. You will find the relevant procedure in the operating instructions for your browser. However, if you reject the use of cookies, this may result in restrictions in the use of some areas of our website.
Security
We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our data protection statements are constantly being revised. Please ensure that you have the latest version.
Data subjects’ rights
You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right to information:
You can request information from us as to whether and to what extent we process your data.
Right of rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure:
You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing:
You can request us to restrict the processing of your data if
- – You dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
- – the processing of the data is unlawful, but you refuse erasure and instead request restriction of the use of the data,
- – we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- – You have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that
- – we process that data on the basis of consent given by you, which may be revoked, or for the performance of a contract between us; and
- – this processing is carried out with the aid of automated procedures.
If technically feasible, you can request us to transfer your data directly to another data controller.
Right to object:
If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of appeal:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to exercise any of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
Changes to this privacy policy
We reserve the right to change our privacy policy if necessary due to new technologies. Please ensure that you have the latest version. If any material changes are made to this privacy statement, we will post those changes on our website.
Graf Consultings GmbH
Karwendelstraße 7
86949 Windach
Tel: +49-8193-2509830
E-Mail: datenschutz@gc-gmbh.com
E-Mail: anfragen(at)projekt29.de